41 lines
1.2 KiB
Plaintext
41 lines
1.2 KiB
Plaintext
#REGTEST_TYPE=bug
|
|
# This reg-test checks if the 'issuers-chain-path' work correctly
|
|
#
|
|
varnishtest "Test the issuers-chain-path keyword"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.6)'"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.1.1)'"
|
|
feature cmd "command -v openssl && command -v socat"
|
|
feature ignore_unknown_macro
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
stats socket "${tmpdir}/h1/stats" level admin
|
|
issuers-chain-path "${testdir}/issuers-chain-path/ca/"
|
|
crt-base "${testdir}/issuers-chain-path"
|
|
|
|
defaults
|
|
mode http
|
|
option httplog
|
|
log stderr local0 debug err
|
|
option logasap
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend ssl-fe
|
|
bind "${tmpdir}/ssl.sock" ssl crt server.pem
|
|
http-request return status 200
|
|
} -start
|
|
|
|
|
|
# We should have two distinct ocsp responses known that were loaded at build time
|
|
haproxy h1 -cli {
|
|
send "show ssl cert ${testdir}/issuers-chain-path/server.pem"
|
|
expect ~ ".*Chain Filename.*"
|
|
send "show ssl cert ${testdir}/issuers-chain-path/server.pem"
|
|
expect ~ ".*Chain Subject.*"
|
|
}
|
|
|
|
haproxy h1 -wait
|
|
|